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DETAILED ACTION 

1 . Applicant's arguments filed September 14, 2006, have been fully considered. 

2. Claims 1-24 are pending and have been examined. 

Response to Amendment 

3. The objections to the drawings are withdrawn. 

4. The objection to claim 12 is withdrawn. 

5. Applicant's arguments with respect to the prior art have been considered but are 
moot in view of the new ground(s) of rejection. 

6. The applicant has not traversed the examiner's use of official notice with 
regards to the claimed limitations found in claim 5, these features are taken by 
the examiner to be admitted prior art since the applicant has not adequately 
challenged the examiner's use of official notice (see MPEP 2144.03(c), 2144.04). 

Continued Examination Under 37 CFR 1.114 

7. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. 

Claim Objections 

8. Claims 1 , 12, 16, and 20 are objected to because of the following informalities: 
"proformed", perhaps "performed" was intended. Appropriate correction is required. 
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9. Claim 20 is objected to because of the following informalities: "A program product 
stored on a recordable medium for managing data, which when executed, comprises:". 
Perhaps "A program product, stored on a recordable medium, for managing data, which 
when executed, comprises:" was intended. Appropriate correction is required. 

Claim Rejections - 35 USC §112 

10. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

1 1 . Claims 1 , 6, and 20 are rejected under 35 U.S.C. 1 12, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claims 1 , 6, and 20 recite the limitation "the received data". There is insufficient 
antecedent basis for this limitation in the claims. 

Claim Rejections - 35 USC § 101 

12. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

13. Claims 20-24 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

Claim 20 are not limited to tangible embodiments. In view of applicants' 
disclosure, specification page 8, lines 7-19, the medium is not limited to tangible 
embodiments, instead being defined as including both tangible embodiments (e.g., 
Memory 12 may comprise any known type of data storage) and intangible embodiments 
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(e.g., and/or transmission media). As such, the claim is not limited to statutory subject 
matter and is therefore non-statutory. Claims 21-24 are rejected based on their 
dependency from claim 20. 

14. To expedite a complete examination of the application, the claims rejected under 
35 U.S.C. 101 (non-statutory) above are further rejected as set forth below in 
anticipation of applicant amending these claims to place them within the four statutory 
categories of invention. 

Claim Rejections - 35 USC § 102 

15. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AlPA 35 U.S.C. 102(e)). 

16. Claims 1, 3, 4, 6, 7, 11, 20, and 22-24 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Lei et al. (US Patent 6,487,552, hereinafter Lei). 

Regarding claims 1 and 20, Lei teaches 



Application/Control Number: 09/988,320 Page 5 

Art Unit: 2136 

a data management system (abstract), comprising: 

an access control system for limiting access to the data management 
system to authorized entities (summary); 

a data confidentiality system for identifying details in the received data as 
one of secret, temporarily secret, possibly secret, and not secret, wherein 
secret, temporarily secret and possibly secret comprise confidential 
details and concealing confidential details in received data while allowing 
an analysis to be proformed that is based on the confidential details (col. 
1, lines 20-60); 

a data storage system for storing the received data (col. 5, lines 8-67, 
hardware overview); and 

a data update system for periodically automatically examining stored 
data to identify and expose any confidential details that have become 
non-confidential details (col. 9, lines 1-67, defining and setting context 
attributes). 

Regarding claims 3 and 22, Lei teaches wherein stored data is analyzed with a 
data analysis system (functional overview). 

Regarding claims 4 and 23, Lei teaches wherein the data analysis system is 
permitted to analyze the stored data based upon approval by full rights members of the 
data management system (functional overview). 
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Regarding claims 6 and 24, Lei teaches wherein the received data and the 
stored data are operational risk data (col. 1, lines 20-60, col. 9, lines 1-67, defining 
and setting context attributes). 

Regarding claim 7, Lei teaches wherein the system mitigates operational risk 
(col. 1, lines 20-60, col. 9, lines 1-67, defining and setting context attributes). 

Regarding claim 11, Lei teaches a customer relationship management tool for 
verifying a policy of an entity (col. 16, Policy Function section). 

Claim Rejections - 35 USC § 103 

17. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

18. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Lei, 
and further in view of Admission. 

Regarding claim 5, Lei does not expressly disclose wherein data management 
system is a tamper resistant, tamper evident, tamper sensitive, tamper reactive, and 
programmable system. However, these features have been admitted per applicant to 
have been conventional and well known at the time the invention was made by the 
failure to adequately challenge the examiner's use of official notice in a previous office 
action. 

19. Claims 2, 8-10, 12-19, and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lei, and further in view of Singhal (US Patent 6,938,022). 

Regarding claim 12, Lei teaches a data management system (abstract), 

comprising: an access control system for limiting access to the data management 
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system to authorized entities (summary); a data confidentiality system for identifying 
details in the received data as one of secret, temporarily secret, possibly secret and not 
secret, wherein secret, temporarily secret and possibly secret comprise confidential 
details and concealing confidential details in the received data while allowing an 
analysis to be proformed that is based on the confidential details (col. 1, lines 20-60); a 
data storage system for storing received data after the confidential details have been 
concealed (col. 5, lines 8-67, hardware overview); a data update system for 
periodically examining stored data to identify and expose any confidential details that 
have become non-confidential details (col. 9, lines 1-67, defining and setting context 
attributes); a program approval system for approving systems for analyzing the stored 
data (col. 8, lines 32-67). Lei does not expressly teach, however Singhal does teach a 
data decryption system for receiving at randomly generated time intervals and 
decrypting received operational risk data (col. 7, lines 1-67); and a key security system 
for protecting encryption keys (col. 15, lines 17-67). Therefore, it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
apply the teachings of Singhal to the system of Lei. One of ordinary skill in the art would 
have been motivated to do so to provide data confidentiality (Singhal, abstract, 
background). 

Regarding claim 16, Lei teaches a method for managing data (abstract), 

comprising: identifying details in the received data as one of secret, temporarily secret, 
possibly secrete and not secret, wherein secret, temporarily secret and possibly secret 
comprise confidential details and concealing confidential details in the received data 



Application/Control Number: 09/988,320 Page 8 

Art Unit: 2136 

while allowing an analysis to be proformed that is based on the confidential details (col. 
9, lines 1-67, defining and setting context attributes); storing the received data (col. 
5, lines 8-67, hardware overview); and updating the stored data by identifying and 
exposing any confidential details that have become non-confidential details in the stored 
data (col. 9, lines 1-67, defining and setting context attributes). Lei does not 
expressly teach, however Singhal does teach receiving operational risk data at 
randomly generated time intervals in a secured manner from an authorized provider 
(col. 7, lines 1-67). Therefore, it would have been obvious to one having ordinary skill 
in the art at the time the invention was made to apply the teachings of Singhal to the 
system of Lei. One of ordinary skill in the art would have been motivated to do so to 
provide data confidentiality (Singhal, abstract, background). 

Regarding claims 2, 17, and 21, Lei teaches a program approval system for 
approving systems for analyzing the stored data (col. 8, lines 32-67). Lei does not 
expressly teach, however Singhal teaches a data decryption system for decrypting 
received data (col. 7, lines 1-67); a data verification system for verifying an accuracy of 
received data (col. 7, lines 1-67); and a key security system for protecting encryption 
keys (col. 15, lines 17-67). The reason for combining is the same as that for claims 12 
and 16 above. 

Regarding claim 8, Lei does not expressly disclose, however Singhal teaches 
wherein data is received based upon a randomly generated time interval (col. 7, lines 
1-67). The reason for combining is the same as that for claims 12 and 16 above. 
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Regarding claim 9, Lei does not expressly disclose, however Singhal teaches 
wherein the confidential details cannot be accessed by any entity (col. 7, lines 1-67). 
The reason for combining is the same as that for claims 12 and 16 above. 

Regarding claim 10, Lei does not expressly disclose, however Singhal teaches 
wherein the confidential details can only be accessed by a plurality of entities acting in 
concert (col. 7, lines 1-67). The reason for combining is the same as that for claims 12 
and 16 above. 

Regarding claims 13 and 18, the combination of Lei and Singhal teaches 
wherein stored data is analyzed with a data analysis system (Lei, functional 
overview). 

Regarding claims 14 and 19, the combination of Lei and Singhal teaches 
wherein the data analysis system is permitted to analyze the stored data based upon 
approval by full rights members of the data management system (Lei, functional 
overview). 

Regarding claim 15, the combination of Lei and Singhal teaches wherein a 
provider submits the operational risk data to the data management system, and wherein 
a requester accesses the stored data (Lei, col. 1, lines 20-60, col. 9, lines 1-67, 
defining and setting context attributes). 

Conclusion 

20. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. US Patent Application Publication 2004/0049679 to Meggle 
disclose using a tamper resistant/tamper evident authentication device. US Patent 
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Numbers 6,224,486 and 6,425,828 to Walker et al. disclose the use of tamper 
evident/resistant/reactive/sensitive systems/memory. 

21 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571) 272- 
5861. The examiner can normally be reached on Monday-Friday 7:00 am - 5:00 pm, off 
on Wednesday. 

22. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on (571) 272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

23. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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